Afternoon, everyone. I'm Zach Franken and this is Major Malfunction.
Hi. I'm going to be sitting quietly here for a bit and actually learning what he does.
Because I have no fucking idea. He does this weird hardware stuff and all these really
terrible smells come out of the room and when he gets the chemicals out it's even worse.
So yeah, this is going to be interesting. What can I say? I'm a farter.
Okay. So we're going to take you guys through a bit of hardware reverse engineering and
I think you're going to have fun with it. We certainly did. So we are Aperture Labs.
We are not Aperture Laboratories. They are someone completely different. We do occasionally
get a bit of misrouted mail, though.
Okay.
So here's a piece of mail we got. Dear Aperture Laboratories, do you make portal
guns? Do they work? Well, I have an idea for a portal gun. Here is the picture. The portal
colors are yellow and rainbow from Joshua.
Brilliant.
So apart from the dreadful
photoshopping on this picture, you notice the thumbs aren't pointing the right way around.
So I think I'm a reasonably smart guy. And I was just completely not thinking when I
went on to Google images and searched for the word fist.
I swear to God.
I swear to God.
Holy shit.
It's like, yeah, there was one I thought he was trying to pick her nose from the inside.
It was mind bleach.
Okay.
So just to recap.
Okay.
So we're going to talk ‑‑ or I'm going to talk about ‑‑ I'm going to talk about
a simple decapping that you can do and the kind of benefits you'll get from it.
Call it the plink, plink fizz method.
So need some ingredients.
Some nitric acid.
So normally between 70 and 90%, you can get it up to 99.
70 is probably good enough.
And it's ‑‑ there are issues with chemicals like these, so, you know, just like you might
think you really want the 99% stuff, you probably really don't.
Acetone, which is an organic solvent.
A hot plate, because the hotter the nitric acid is, the faster the reaction.
So you can have a chip, you can drop it in, room temperature nitric acid, nothing will
happen.
Actually, that's not quite true.
The legs will miraculously disappear.
And just actually disappear right into the package.
It's like, ooh, there's very small holes on the side.
But as soon as you start to get it a bit warmer.
Amazing things happen.
Borosilicate glass beakers.
These are Pyrex beakers, so they can withstand a bit of heat without shattering.
A pipette, just for moving liquids around.
And an acetone wash bottle.
Again, just an easy way to apply your acetone.
And some Petri dishes, which are useful for sorting out the results.
So you see that?
What can I say?
And the other one, the other great place to get some of this stuff from, Amazon.
Who would have thought?
I bought some, I'm trying to think, potassium nitrate from Amazon.
And I'm like, okay.
And at the bottom, and I've seen this on a couple of occasions.
The other people bought sulfur and charcoal.
And it's like, okay.
My favorite was, I was looking for aluminum powder.
And other people bought iron oxide and magnesium ribbon.
I'll sling them into one of these slides, actually, now I remember.
Okay, so eBay is your friend.
The shit we bought from eBay is astounding.
So as you can probably gather, this stuff can get quite nasty.
Nitric acid, particularly, particularly bad.
So it does what we want.
Particularly to dissolve organics.
So the epoxy packaging on the chip is the thing we want to get rid of.
But it will also take out metals as well.
Dissolves copper.
And does all the other lovely things acid does.
It will burn you.
It has choking fumes.
So as soon as you take the cap off the bottle, it will start fuming away.
You get fumes from the acid.
You get fumes from the stuff the acid reacts with.
And that's typically nitrogen dioxide.
Toxic, of course.
And, yeah, if you get a lungful of nitric acid vapor, there's about an eight-hour delay before it has a nice catastrophic effect.
I mean, it will be really unpleasant initially.
And then eight hours later, bad stuff will happen.
Oh, yeah, and it causes spontaneous combustion of organics.
And this is probably an important point to note.
Kitchen table.
Yeah.
This one is not for the kitchen table.
Definitely outside and better with a cabinet.
So, you know, so people wear latex gloves.
And in general, in labs, people have started moving to nitrile gloves because nitrile is great.
It's resistant to most chemicals.
It doesn't react with them.
This is what happens when you take a bit of nitrile glove.
And you add a little bit of nitric acid.
Bye-bye.
So.
16 seconds will go up before it catches fire.
So you definitely want to be a bit careful with it.
Okay.
Acetone is only a little evil.
It will dissolve plastics in particular.
It can be really handy for getting inside smart cards and things like that.
Has choking fumes.
And apparently it's a little bit carcinogenic as well.
Oh, yeah.
The fumes are heavier than air.
So if I'm working with it up here, the fumes are going to cascade off the table and onto the floor and spread out.
So the guy back there is going to have a nice little pool of acetone fumes around him.
If it rolls down into the basement, yeah, it's interesting stuff.
Yeah.
And, again, you won't realize, you won't really smell anything, but there's a nice layer of it on the ground.
And, yeah, bang.
So.
Safety.
We use a fume cabinet.
You've just got to also think about how you're dealing with this stuff, especially the nitric acid and where you're storing it.
Okay.
So handling it, think about where it is, where you're moving it to.
Is the container open?
If you've got a pipette and you're moving it across to your sample, if the pipette drips, what's it going to drip on?
If it spills, where is it going to run?
And what's it going to hit as it runs?
So just kind of be aware in your head what's going on.
Also, you can neutralize it with baking soda because it's an acid.
We use an industrial neutralizer which costs, you buy it in cases of six, it costs about 200 bucks.
It's amazing stuff.
You just sprinkle it on and it color changes when it's safe.
It's like perfect.
Neutralization for dummies.
So here's our fume cabinet.
Any ideas where the fume cabinet was acquired?
eBay!
Ten pounds this fume cabinet cost.
It cost 35 pounds to have a cab go pick it up.
Now, it sounds like a great deal, but it is safety equipment.
And this is called a recirculating fume cabinet.
So some fume cabinets just suck things up and vent them straight outside.
This is designed to vent back into the room.
So everything goes through a filter.
Therefore, there's no way I'm trusting the filters from a ten-quid eBay fume cabinet.
So a new set of filters cost about 500 quid to put in.
But, you know, you can use direct vent outside or, you know, a lot.
You don't like your neighbors, do you?
Yeah.
A lot smaller fume cabinets.
Oh, and again, you can do this stuff outside.
And that's how I started doing it.
The other thing, just be aware of the wind.
Because if the wind changes, your big plume of nitric acid fumes that was going over there all of a sudden, you know, heads toward you.
And even a tiny kind of little bit, very unpleasant.
So, yeah, this is like, yeah, I really don't want to be near that shit ever again.
So here's the nitric acid.
You never guess where I got it, of course.
You use a beaker and pipette.
And the great thing about this is you don't need to use a lot.
You know, 12, 15 mils of nitric acid at a time is plenty to decap a chip.
Which is great.
It means you don't have to have tons hanging around.
And you're not moving large quantities about.
This is an acetone wash bottle.
So handy.
You just fill it up with acetone.
The straw, when you're not using it, you just pull up above the level of the acetone.
And the acetone will stay as it's heavier.
It will stay in the bottle.
So here is a simple example.
This is a pick chip.
Pick 32.
And as you know, we have a tradition at DEF CON that all first time speakers have to do a shot.
And we figured you were a first time speaker at DEF CON 21.
Okay.
So.
As short as it is.
A shot of Jack.
How surprising since it's you.
So you realize when I fuck the rest of my talk up, I'm just going to blame you.
You know what?
Wait a minute.
Back up.
Excellent.
How come I have to drink one because he didn't?
That's not fair.
Cheers.
All right.
Let's hear it for these first time speakers.
Cheers, all.
DEF CON 21.
Thank you, sir.
Please may I have another?
Thanks, Proctor.
You're welcome.
I was kidding.
No.
You're cut off, buddy.
Okay.
As you were.
Thank you.
Do you want a bottle?
No.
Do you want the empty one?
No.
Oh, yeah.
We better take it.
Oh, okay.
Where was I?
Yeah.
Who was I?
So this is a microchip PIC32 chip which I was knocking around and I had more than one
of them.
Okay.
So we'll use this guy.
It's a very modern chip.
So it's very highly integrated.
So the level of detail on it is very small.
But slightly older chips are fun because you can actually really start to understand how
they're built up and how the gating is done and things like that.
So as soon as I pop this in here, one of the things I want you guys to look for is
on the kind of bottom side here, as soon as it's dropped in the beaker, it'll react instantly.
This acid is about 90 degrees Celsius.
It will boil at 120.
And so as soon as the chip goes in, it will start reacting immediately.
And what you'll see is around the kind of bottom here, you'll see a spall coming off
of the epoxy.
So yeah.
So, yeah.
And no one is seeing this video, are they?
I am.
It's great.
It is.
Evil, evil, evil Microsoft.
All right.
Okay.
Actually that was ‑‑ okay.
So.
We look for the spall around the bottom of the beaker.
Here we go.
Instant reaction.
Boom.
The petri dish on top is just to kind of contain the fumes a little bit.
So the brown fumes are nitrogen dioxide and you can see here this dark cloud is the epoxy
coming off the beaker.
This is the dark cloud coming off of the beaker.
off the chip. Okay. So once it's finished reacting, take the acid into a second beaker,
your disposal beaker, and take the beaker, rinse it with the acetone and decant it into
the petri dish. And what you'll end up with is a dye with all the bond wires still intact
because the acid is going to eat not just the epoxy but the entire lead frame as well,
both externally and internally from the chip. So get the dye, rinse it in a little bit more
acetone and this is what you'll end up with. And it kind of looks a bit yucky. There's
still a little bit.
A little bit of epoxy on there. But again, another fantastic eBay purchase. These are
like 30 quid. And they're amazing. They will just remove all the shit from anything, including
chips. They're really cool. So we've used them with water. We've used them with water
in them and then a beaker of acetone with the
chip sitting in it and absolutely fantastic. And if you have watches or jewelry or glasses
and you pop them in this, the first thing you're going to go is holy shit, am I a filthy
person. You'll see it, it'll just be coming off. It's like oh, my God. But they're amazing.
They're super cheap these
ones. And if you get one, don't forget to do your wife's and girlfriend's jewelry. You'll
love it. Okay. So after it's had a trip through the cleaner,
this is what we've ended up with. Now, this is not a particularly great microscope picture
because a really cool microscope doesn't have a lens big enough to take the whole chip.
So this was done with a small crappy USB microscope. But you can see it's cleaned up a lot. One
of the other things you'll notice that's missing are the bond wires, or a lot of the bond wires.
That's because the chip was vibrating around in the ultrasonic bath and they simply got
knocked off. They're pretty fragile. So let's take a bit of a closer look. So this is it
under a microscope. And this is ‑‑
And one of the kind of identification areas of the chip. These numbers here represent
the layers. So the die is built up in layer upon layer upon layer. So as the chip is manufactured,
you take your puck of silicon, you've got your wafer slice off it. And it's kind of
a constant ‑‑ so basically you expose ‑‑ or you ‑‑ okay. Start from the beginning.
You've got your wafer. You lay down a mask, which is a chemical that is etched away by
typically ultraviolet light. Once that's coated, that resist is coated on the die, you
have a large image.
Of the portion of the chip. You focus it down onto the die, onto the wafer. Expose it with
ultraviolet light. And then you rinse the ‑‑ the resist chemical away. And that just leaves
an exposed area which you can then dope with another layer of silicon and just build it
up and build it up and build it up. So this ‑‑ these identifiers are kind of
quotation marks for each layer as it got laid down. So you can see, well, actually, you
know, we did actually put down layer 156. The reason the colors are different is because
of the different depths, they are reflecting the light slightly differently. Okay. Never
again. Not jacked up.
So let's zoom in a little bit more. A little bit more. So you can get some really
great detail. Okay. Here are the bond wires. These ‑‑ as you see, there's the two
on the left‑hand side of this picture are actually missing. They got simply vibrated
off. So there are typically two types of bonds. This is called a ball bond, which is the more
modern technique. The older technique is called a wedge bond. And you can actually find wedge
bonders on eBay, of course, if you wanted to take the die and try and put it into a
new lead frame. But there's better techniques. The ball bonds are quite clever. The wire
comes out. It gets hit by a little paddle. There's an electric wire. It's a little bit
of electric charge between them. And it kind of causes the little gold wire to fuse into
a ball. And then it ultrasonically pushes that ball down and ultrasonically welds it
onto the pad. If you go onto YouTube and search for die bonding, the speed the die
bond machines go at is truly unbelievable. And they are literally dropping a ‑‑ they're
a bond on the die, taking it to the lead frame, ding, ding, ding, ding, ding, ding,
at the speed of light. It's unbelievable. So why the hell are we doing this?
It is a reasonable question. You've sat there very patiently while I've rambled on.
Well, there are some really good reasons to do this, actually.
So here's a really simple example. A friend of mine is a sort of a model maker. And he's
actually one of the guys that built the Hogwarts model.
We're having a beer one day. He started talking about this plug. This was given cheaply by
one of our power companies in the U.K. And it's a power saving device. You plug your
computer into the master socket of your TV, and your peripherals into the slave socket
on the side. And when you turn the master on, it turns on the peripherals. Simple, easy.
But what they wanted to use it for was dust collection for power tools. So basically they
will plug the power tool into the master. The extraction system will be plugged into
the slave. And as soon as you turn it on, extraction starts and they can go. The only
problem with this is there's a five‑second delay between the master turning on and the
slave turning on. And they just can't handle that.
The alternatives, the actual, if you went to buy one of these, they charge 150 quid.
So about 250 bucks for something like this. This costs eight quid. So for something that's
doing pretty much exactly the same thing.
So he mentioned that someone had hacked this and was asking me about it. So let me actually
take a look at it. It's a pretty simple device. So on the top here you have a little power
supply. The next important thing is this resistor here, resistor 17, which is to measure
the current.
So.
So here are the actual important bits. We have two chips here. A Cirrus Logic chip, which
is nice and clearly marked. Cirrus Logic is the vendor. It's CS5466-ISZ. Type that into
Google and you'll get the data sheet and you're off. And then we've got the OC706.
Or if you look at the other plug, it's the OC708. Can't find anything about this device.
Now, when you read the Cirrus Logic data sheet, this is a current frequency converter chip.
So it's measuring the current across that resistor and it's outputting a frequency that's
proportional to the current consumed. And it needs a clock as well. And this, when you
reverse the circuit, this OC706 chip is supplying the clock to the Cirrus Logic chip. So this
is what it's doing. But after a ton of Googling, and it's quite interesting because you'll
actually see other people searching for the, you know, Google suggesting, oh, did you
mean OC708? It's like people are searching for similar parts.
Now, it makes sense that this is a small microcontroller. But unless we know what it is, it's completely
useless. So the guy that hacked it basically pretty much replaced this entire chip with
the PIC chip, plunged it in, and away he went. But we can do better than that.
So if you plink, plink, fizz this chip, this is what you get. And thank you, NEC, for having
nice big part numbers here. This is a D70F9212. It's a little microcontroller. You go into
the NEC site.
Here's a CNN-NEC.
Here's the connection.
here's a compiler for it, here's all the development tools, they're all free, so we're away. Major
here hasn't quite had it dumped on him to write the code, but that's coming shortly.
That's because some idiot destroyed the chip. Plenty more where those came from.
Okay. So other interesting things. This is some masked ROM. It's another chip. So slightly
older. And we're going to zoom in a little bit. And zoom in. And it starts to look quite
interesting. So this is an area on the chip. Really close. And you can actually see the
actual, really start to see some proper texture. Okay. So one of the things we decided to do
was clean the image up a bit. So we're going to use an asset. So the very top layer of
the die is what's called a passivation layer. It's just a simple layer of silicon dioxide
glass to protect the die.
And then we're going to chip the electronics underneath from, you know, any contaminants
in the epoxy. So it's just basically to seal the top. But, again, if we remove that, we'll
get a nice, nice fresh image. So anyone got any ideas?
Hydrofluoric acid. Hydrofluoric acid. So some people have tried to polish it off. And
that works to a certain extent. But it can be really hard getting the chip perfectly
flat because these layers are incredibly thin. And if it's just off slightly, then you'
start digging in deeper on one end of the chip and you lose detail. It's a nightmare.
Hydrofluoric acid. It's used in the chip manufacture process when I was talking about the resist.
They use hydrofluoric acid that resists hydrofluoric acid, which they use to remove material.
So nitric acid is pretty nasty.
Hydrofluoric acid is fucking horrendous.
Not to put a finer point on it.
So, yeah.
Pure, pure, pure, horrendously evil stuff.
Not quite this time.
It is the piss of the devil.
No.
You can imagine some little sinners getting dipped in it repeatedly.
Okay.
So.
For those of you not familiar, it's an acid.
So it does all the kind of usual bad stuff that the nitric acid does.
It dissolves glass.
So that can be a little bit of an issue.
But that's actually what we want it to do.
So we're cool with that.
It's quite toxic.
Somewhat.
It eats calcium and magnesium.
And depending on the concentration,
if you actually get it on you, you won't notice for 24 hours.
So.
Bad, bad, bad, bad, bad shit.
Okay.
So I mentioned it dissolved calcium.
Yeah.
Loves calcium.
Yeah.
Yeah. You wish. Looks like this. So anyone notice anything about this picture? Especially
the one on the right. Apart from its extreme grossness. Sorry? Okay. So the reason his
finger is all wrinkly at the top is because there's no bone in there anymore. It's all
gone. And what's more, it will work its way up. Yeah. Bad, bad, bad, bad, bad shit. So
the Skelly grow isn't going to help. But the calcium gluconate gel will. So the whole
point of the gel is to feed the acid calcium. So it prefers the calcium gluconate rather
than the
calcium in your bones. So there are lots of, I mean, when I say hydrofluoric is bad,
it gets even worse. So if you read any treatment regimens for hydrofluoric acid, not only will
they say slap on lots of calcium gluconate or potentially inject it into you. So in
fabs they have kind of epipens within.
The treatment regimen says under no circumstances give the victim any pain relief whatsoever.
No local anesthetics, nothing. Because they know that they've finally treated you when
it stops hurting. So basically throughout the treatment, you're going to be in agony
and they're going to keep you in agony because they know when it stops hurting, you're probably
okay.
I really wanted to do this. It's like how the hell am I going to do this. I had a course
of dental treatment. My dentist is young and hip and we were chatting away, what did
you do, et cetera, et cetera. He happens to mention, oh, we use hydrofluoric acid.
I'm like, really?
.
.
And that's really interesting.
And slightly scary.
So this is the stuff.
This is dental hydrofluoric acid gel.
No, a company called Henry Schein.
Dental supply.
Sorry?
Ask your dentist nicely.
Absolutely.
And he'll do that, too.
We'll get there in a minute.
So I'm like, oh, where would you get ‑‑ oh, yeah, the various dental suppliers, he wrote
me a little list and one of them was a company called Henry Schein.
Okay.
So this is a little ‑‑ this shows you the level of insanity that's out there.
When I order components from one of the big U.K. component suppliers, like R&D, they
say, if I'm crazy enough to want something like a lithium coin cell, like two lithium
coin cells, because I happen to need some and I just threw them on another order, hazard
lights start flashing and it's like, oh, this is a hazardous material.
So basically what that means is your lithium coin cells will arrive by a separate shipment
three days later than you actually needed them.
And they'll be in a box like this ‑‑ no, I'm not shitting you ‑‑ for two coin
cells slapped with big hazard diamonds.
It's like, holy crap, this is live in a little box, no markings at all.
It's like, okay.
So it arrives in these little syringes.
And, yeah.
Some interesting things.
So they actually use it inside your mouth.
So the hygienist will be there with the extractor, sucking away, whilst the dentist is putting
it on your crowns to roughen them up before he applies an adhesive.
But it's designed for dentists.
It's not for chemists.
It's not for people working in fabs.
It's designed for a dentist who is kind of quite technical, but he's not a chemist, he's
not a rocket scientist.
He's a dentist.
So it comes in a gel form, which is pretty cool, because, again, I want it to be as safe
as possible for me, simple as that.
It's dyed so you can see exactly where it's going, which is quite handy.
And it's a quite low concentration, 9.6%, which is low, but it's still effective.
And the other thing, when you're doing stuff like this by yourself, you don't want something
to react necessarily super quickly.
You want to be able to control it.
So actually the fact that it takes a little bit longer to react, that's just perfect.
But yeah, you definitely want a fume cabinet for this stuff.
So.
Okay.
So this is a before and after.
So this is the before pic.
And this is the after.
And it looks a little bit blurry, and that's simply because this image is a little bit
blurry.
But it's cleaned up the image remarkably.
And as I said, just removing that top passivation there.
So here is another shot.
This is another part of the chip.
It has a bug in it.
And actually that is the bloody microscope camera.
And there's shit.
It was reasonably cheap.
Actually was it eBay?
I think it might have been eBay.
But yeah, we bought it.
It was super cheap.
And I think it got dropped.
And internally within it, crap got on the lens and trying to actually clean it out,
impossible.
And ideally with the sort of imaging we do, we wanted to kind of get the whole thing imaged.
And when it's got bits of crap on it, it's not ideal.
This particular bit of crap I actually think was on the die.
So yes, it was.
Okay.
So you can see there's a color change between these two images.
And that's because we've now removed a layer.
So as I said earlier, colors represent depth.
And the depths have all changed because there's now no longer a layer.
And it also opens this die up for microprobing.
So you can buy microprobing station, which is an amazing piece of kit.
Okay.
And it will allow you to put probes on these lines and actually sniff the data going through.
eBay.
I think that was our most expensive eBay purchase.
That was about 5,000 bucks.
Ours came from San Diego.
And it was the best eBay deal ever.
It had lots of accessories and a great microscope.
But it's ‑‑ have a look.
It's called the microprobing station.
And basically it's a little bit more expensive.
It's a microscope with a special stage.
And you have micropositioners that allow you to move a very fine probe.
And when we're talking about fine, I have probes that are .25 of a micron.
So you can move them very accurately and just plot them on these lines and you can sniff
the data on the chip buses.
But that's for another talk.
Okay.
So it is ‑‑ you did say be nice to your dentist, and it really is important to be
nice to your dentist.
I was nice to my dentist.
And this is what he gave me.
So ‑‑ and I was in for several sessions and said, hey, can I bring some stuff in
and get you to X‑ray them for me?
He's like, sure.
That sounds like fun.
He's like, excellent.
And I did.
And I did.
So it was just kind of one of those things, it's like dental X‑ray, is it going to be
useful and interesting for this sort of stuff?
And as it turns out, yes, it is.
So I brought a little selection of chips and plopped them down.
He zapped them.
And this is what we've ended up with.
So the good thing about these is X‑rays are one‑to‑one.
So these are scale‑size chips.
And it means that when you pop them under a microscope, you can do things like blow
them up.
These are the bond wires in situ inside the chip.
And actually something I never knew, this guy here ‑‑ if I'm pointing at the right
one, possibly ‑‑ this guy here has three bond wires going to the same pad.
And it turns out that's a power supply.
So that was a ground in that case.
So chip needs more current, needs more bond wires to handle the current.
So they stack three up.
Any idea what this is?
The texture at the back might give you a hint.
No takers?
So this texture is a very thin sheet of fiberglass.
And it's a little bit hard to see.
This is a SIM chip.
So you can actually see the bond wires coming from the die in the center.
The die you can't really see, but you can see the bond wires outlining the die going
to the various pads of the SIM chip.
Now this one is particularly interesting.
We were doing some testing for a client.
One of the things we do apart from kind of security reverse engineering is we do a little
bit of assurance work as well.
And we knew what we were kind of looking for with this chip.
And when we X-rayed it, it's like, holy shit, we know about chips one and two, these two
guys over here, what the fuck is this?
And it turns out that that is a radio chip, which we weren't expecting in this particular
device.
And it's not.
And as it turns out, it's there legitimately, but it could be completely illegitimate.
So there are issues with supply lines being compromised, fabs churning out dies that
have modifications.
And here is a small RF device that could be embedded in the die itself.
Sorry?
.
No.
That's not it.
That wasn't a USB stick, actually.
I can't really tell you what it is, unfortunately.
But it was like, holy crap.
So given that the guy in the middle is a processor and the one on the left is an EPROM, you know,
what we were actually doing was looking to look at the bond wires between the processor
and the EPROM and watch the conversation between the two.
And yeah, that RF chip, the way we actually figured out it was an RF chip was, you know,
he was pulling deliver of the bottom of it out of the jar when we blinked it and zoomed
in and there was our manufacturer's part number on it again.
Just look it up.
Holy crap.
But the interesting thing was I must have blinked half a dozen of these chips and I'm
going through, you go through the debris and I'm picking out and actually in this bad
particular case the processor and the EPROM.
It's bottom up on EPROM.
wires between them so they're joined together. So they're easy to spot and you just pick
them out. And then I kept coming across like a few weeks later after I had done a whole
bunch of them, I noticed that there was, you know, bigger chunks in the crap at the bottom
and it turned out to be this little die. Yeah, at that point we hadn't X‑rayed it
so we didn't know exactly what we were dealing with and we only were expecting those two
chips in there. Yeah.
So that was very interesting. And as I said, it's like, oh, what is this? Oh, there's several
of these. Where the hell did these come from? And actually on every chip I had plinked there
was one of those lurking in the grunge at the bottom. So ‑‑ so with this particular
project we wanted access ‑‑
Okay.
To sniff the data on these lines going between the MCU and this E‑prom chip. So
plink‑plink fizzing it isn't going to cut it because I need the chip to be operable.
So there is a handy machine to do it. It's called a Nicene jet etch. It's amazing. It's
like this size. You pop your chip in. And it will etch the chip. It's a nice little
hole in it down to the die. Only problem, $22,000. I have a constant eBay search for
them. Yeah, I haven't seen one yet. So it's like, okay, it's 22,000 bucks, but I reckon
it's doable. So came up with this design. This device is called the decapinator. It's
pretty cool. And I wrote a blog post about it. And I'm saying, okay, I've got this design.
I'm going to send out for the bits and I'll fill you in. Well, I'm a lazy fuck and haven't
actually updated to say, actually, yeah, it works. So you actually get to see the results.
So this was my plan for it. So you have a hot plate at the bottom. And then you have
your flask of nitric acid. You have in this drawing a syringe pushing air in so that the
nitric acid comes up. I ended up using an aquarium pump. And Teflon is resistant to
hot nitric acid. So I got Teflon rod of two different sizes. And I wanted to try and use
simple tools.
So this can all be done with a drill press and just some simple woodworking bits. And
the Teflon cuts like a dream if you use woodworking tools on it.
So I chopped out these two cups. I drilled a hole through the bottom. I learned a little
bit about pulling glass pipettes. It is simple unless you want the pipette to be absolutely
straight, in which case it's a fucking pain in the arse. But it's doable. And I also wanted
to be able to control where the acid was going to mask it into a particular area.
So after a lot of research, I came across this rubber, this gasket material called Viton
ETP 600S. And then I tried to find it. So I looked in all the usual places. And I found
this is. eBay. And Amazon. And I didn't do Craigslist. I've never done Craigslist. I
don't know why. I'll have a look, actually. Sorry. Okay. Well, I eventually tracked down
some people that did. And on the way, I came across ‑‑ it's made by DuPont. I came
across a DuPont. It was made by DuPont. It was made by DuPont. And I came across a DuPont
distributor, because apparently it's quite new, that when I said, oh, I'd like a sample
of Viton ETP, he actually wet himself on the phone. He was laughing down the phone at me
and saying, it's as rare as rocking horse shit.
It is. So I finally tracked someone else that I could order a sheet of. And I said, okay,
so I'd like to order some Viton. And it's like, oh, how much do you need? Well, I don't
need a lot. Just really ‑‑ I don't need a lot. I don't need a lot. I don't need a lot.
It would be, you know, six‑inch square would be fine. It's like, oh, no, that won't meet
the minimum order, which is 940 millimeter square. And I'm like, okay. Yeah, that will
be fine. Okay. That will be 1700 pounds plus VAT. So basically the better part, 2,500 bucks.
And I'm like, yeah, I don't need the Viton that badly. And I did actually track down
someone that sold me a ‑‑ I don't know if you can see it. I don't know if you can
see it. Kind of six‑inch by six‑inch slot piece of it. Actually had a hole punched
in it. So I think it was actually on a proper sample sheet. Sample little book. It was
200 quid. But in the meantime, I had gotten some regular Viton on Amazon. Big sheet like
this, 40 quid. 60 bucks. And I realized that actually the cheap stuff works because
I'm only exposing it for a reasonably short period of time. The Viton ATP 600 is designed
for making gaskets for pipelines that are pumping nitric acid and shit like this. So
actually, I can have something ‑‑ the regular Viton, when you look at the specs
on how they test this stuff, it's like, okay, we're going to immerse it in nitric acid for
24 hours. And it's like, oh, yes. I think it's going to be a little bit more expensive.
It expands 5%. It's like, okay, that's fine. It's going to be nowhere near like 24 hours.
And even if it did expand 5%, who cares? Not with the stuff that we are doing.
So we ended up not using the wing nuts. We actually have a spring pressing down. So the
nuts are still there. But under the nuts is a spring. And it just presses down that
top plate.
There we go. Slightly better. And I also realized that the ‑‑ once you cut the
aperture in the Viton, a handy thing to do is to superglue it to the chip. So therefore
it becomes a kind of monolithic, you know, thing. And the Viton isn't going to be slipping
off the chip, et cetera.
And it ended up using
little strips of Viton with the hole cut in the end so you could put it in and line it
up with the aperture that the acid is going to jet through.
So this was an early mask. Simply cut with a scalpel. But you can use handy things like
leather punches and things like that.
.
And this was the first trial. So this was ‑‑ I think this is an MSP chip, a little TI MCU.
And this was the first go. And actually the results are not too bad. It got a little bit
close to the edge because it wasn't particularly well aligned. And my aperture is a lot larger
than I actually needed for the die. And actually that was the first trial. So this was the
first trial. So that's one useful thing about doing X-rays or doing the plink, plink, fizz
is that you can actually find out exactly how big the die is and where the die is in
order to do some alignment.
So if we zip back to this guy, remember, what I want to do is intercept these five
lines going from the large central chip to the chip on the left. So I'm going to do a
little bit of that. So we can sniff the data between them.
So this one was close, but it went too deep. So you can see the bond wires connecting the
two. But we actually ended up going underneath those chips and destroying the lead frame that
was providing the interconnects to the outside world. So that one was a bust. However, this
one was just right. Take it easy. Take it easy. Take it easy. Take it easy. Take it
down just far enough to expose the bond wires to allow us to tap on to.
Now I'm actually just going to quickly jump back here. So there were some issues with
this initially. One of them was the air. So I got the aquarium pump and I put a valve
in so I can adjust the flow. And then I quickly realized that actually that's a variable and
the best thing to do ‑‑
for me to do is to try and remove all the variables. So the little valve came out and
the pump was simply on at max all the time. Another variable was the temperature. So although
I thought I was getting the temperature right, I wasn't. So I got a hot plate, again from
eBay that had a thermocouple probe which was supposed to be acid resistant and certainly
was not.
Yeah. No, no, no. I went through it.
I went through two before I'm like, okay. So I simply made a long tube, sealed the bottom
of it, you know, with a blow torch, and injected a thermal transfer compound into the bottom
of it, put my thermocouple in there. So when I eventually ‑‑ or eventually, I'm going
to write this up after con, I'll ‑‑ you'll see the pictures and you'll see that third
probe ‑‑
penetrating the stopper. So my acid is at a known concentration.
My temperature is at a known setting. My pressure is at a known setting. So my only
two other variables at that point are the permeability of the epoxy to the acid and
time. So it becomes pretty controllable.
So that was about three minutes. And that is a minute and a half. One minute 30 seconds
and it will always do this. I've done 20 chips like this. Spot on, one minute 30 seconds,
this is where you get to. And that was absolutely perfect for us to micro probe onto the bond
wires and actually sniff the data passing through.
Okay.
So I will publish the results of that and the design ‑‑ we're going to open source
the design for the decapinator so that you guys can have a go at it as well. And, you
know, you can start micro probing ICs that are actually running. And silicon is the
last bastion of security. You can pull hard drives and analyze them. You can sniff memory.
Everyone now is trying to lock away their secrets in silicon. That's where they hide
the keys. So we need to be making moves in this area. The kit is very expensive. Chris
is very well known. Has made a fabulous business out of this. However, he has a lab with millions
and millions of dollars worth of equipment. He is not shopping on eBay. I hate to die.
.
Actually, that's not true. You may well be. You may be using it for business. You may
be. But when you buy used FAB equipment, which is available on eBay, it still costs a million
dollars for your focus ion beam device. Sorry? Cable money. Yes, exactly. So in a week's
time or so I'll have written this up and hopefully I want to get to the point where we have a
set of plans that you can just take and build and possibly we might try and put together
some kits that you can buy and screw together and decap away. So that's it for me. Now a
word from Code Monkey over here. And remember, just to recap.
Lovely. So now I know what the smell is coming from his office. Strange stuff. Okay. So at
this point he handed it over to me. And he's like, you know what? I'm going to put this
on. Okay. So we're doing the probing and we're doing the ‑‑ you know, we've got
the decapping working and so on. Now we need to get the actual code out. We can sniff the
data going between these two buses. But how about extracting the actual code that's running
on the chip? We want to see what instructions, what it's doing with that data. Now the difference
between mass ROM and a programmable chip is a mass ROM chip, it's not a programmable chip.
It's hardwired into the chip. So it never changes. Every chip is identical. It never
gets programmed. It's actually manufactured. The instructions are manufactured into the
chip. So the challenge is how do we read the mass ROM? Well, as Zach mentioned, you
know, we identified the image, the part of the image that is the mass ROM, which is this.
And then we look at it and we say, okay, well, there's an obvious pattern there. Can
we actually read it? So maybe if we look at this and say, well, is that a 1, 1, 0 ‑‑ sorry,
1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1. So, yes, we can. That's binary data. If I just
take that and turn it into hex, there's my instructions, right? So it's like, okay, this
is just way too obvious. This must have been done before. Someone is already doing this.
And in fact, there's some code ‑‑ some
very smart code that deals with even smarter images than this called DGate. Anyone here
played with or heard of DGate? No? Okay. So there's an open source of one guy at the
back. I guess not a lot of people actually play with this stuff. But the guys who polished
the chips off developed this package called DGate. And what it does is image recognition.
So you look at what they were doing was trying to figure out a crypto algorithm. So they
were looking at all gates and and gates and so on. And they wanted to build a pattern
of what the chip was doing. So they used pattern recognition. So they would take a picture
of an or gate and say, right, that's an or gate, find all the other or gates. Here's
an and gate, find all the other and gates. And they packaged it up into this cool bit
of software which will then spit out a graphic representation of what that logic circuit
is doing. Fantastic. That's going to be easy then. I'll just point that code at this and
we'll read the mass ROM and then we've got the code. In fact, when I started playing
with it, I couldn't find anything in there for doing a simple here's a mass ROM, read
the data, please. So I thought I was being thick and I emailed the authors and they
said, yeah, no, we've never done that. We couldn't think of a use case for it. It would
be easy to do, but, yeah, no, we haven't done it. So I'm like, damn it. Okay. Who
is this? Okay. The main community. They're constantly reading ROMs and getting games
and any of you guys actually involved in main here? Main hacking? Not a lot. Any of
you use it, have it, play it? Yeah, that's more like it. Okay. So, again, I reached
out to the main community and said, well, how do you guys do it? And they said, oh,
it's really simple. What you do is you take a picture, you divide it up into chunks, you
send it out to hundreds of people, and they sit there looking at it typing one nought,
one nought, one one. Okay. So slave labor, basically, is how they do it. I think the
technical term is crowd sourcing. Crowd sourcing, yeah. So very cool and it works, obviously,
because we end up with main games that we can play. But I really didn't want to sit
there typing in 5K of ones and noughts. 5K bytes of ones and noughts. And I said, well,
how do you do it? And I couldn't crowd source it because this was a confidential project.
In fact, you're not allowed to look at this, so you never saw this. Okay. So what to do?
So I thought, okay, well, we know how to do it. It just isn't in D-Gate. I'll just
do it with image recognition. So I'll write a little bit of code that does this. And I
use OpenCV, which is fantastic. Any other questions?
Image manipulation code makes stuff like this an absolute doddle. All the hard work
is done for you. It's in Python, which rules, because I love Python.
He is a Python Nazi. Yes. It must be in Python. If it doesn't
work in Python, it ain't worth having. That's my philosophy. But then I thought, well, actually,
if you look at this image, there's lots of problems with it. So we know what the ones
and noughts look like. So these guys are the ones that look like this. So these guys
– a bright dot is a one, and the absence of a bright dot is a zero. That's pretty simple.
But there's a lot of clutter as well. There's all this crap. So you've got these lines.
We've got what look like columns of data. So here we've got a chunk, which is obviously
data, and then you've got a separator, then you've got another chunk, and then you've
got a separator and so on. You've got all this crap at the top. You've got these lines
that go along horizontally between the data.
So I figured I'm going to spend so much time trying to get the code to tell the difference
between good data and bad data that I'm not actually going to be able to successfully
automate this process. So then I thought, okay, the hell with it. I'll semi-automate
the process. What I'll do is automate the process of creating a way of reading it cleanly
and then automatically reading what's done. So I created a thing called Romper. It's a
file, which is ROM parser. I'm going to switch this screen to my laptop. And I apologize.
I hate doing this and sitting down and speaking from behind a laptop because I'm going to
be doing a lot of mousing and fiddling. I'm now going to disappear for you guys. So bye.
It all goes horribly wrong.
They promised me it would just come straight off.
So the laugh is, when we were in the green room and testing it with the projector in
there, it was my laptop that was fucking up left, right, and center. He was like, yeah,
mine's fine.
.
We've got bags of time. Just talk amongst yourselves.
I've got a question.
Yeah.
Go for a question.
Can you talk about how laptops impact what you do?
.
The question was, how do Globtops impact? And Globtops are ‑‑ is it a chip on
board you're talking about?
Yes.
Yeah, okay. So the industry term is COB, chip on board. So basically the die is placed
directly on to the PCB and then it's die bonded across. And then they drop ‑‑ a drop of,
very runny epoxy to actually ‑‑
I'm just going to reboot.
Solidify. So we haven't tried those. I mean, we've tried them in ‑‑ to the point that
we've decapped using the Plink Fizz method things like SIMs, which are so heavily armored
in the silicon, it's unbelievable. So you can see all the chips are in there. You can't
see ‑‑ we've seen here, they look great. You can actually see, you know, the pathways
and areas on the chip. If you look at a SIM, which is intended to be secure silicon, the
top of it is just pretty much a layer of gold armor designed to disable the chip if
you penetrate it.
Interesting enough, it may well be possible to do with the decapinator because the decapinator
ended up being such a useful tool.
I could actually decapinate the chip. So initially I was taking the chip off the PCB,
putting it through the decapinator, putting it back on. I was actually able to get to
the point where I could decapinate the chip while it was still on the PCB. So I was putting
whole PCBs into the decapinator and pitting that one chip and, yeah, that was pretty cool.
I thought it may be possible to do and it turns out it totally is.
I mean, the boards were very small. So if you had a larger board, you're going to have
to have some sort of support structure. But it's totally, totally doable.
Sometimes they're like spherical.
So the question was sometimes they're almost spherical. Does that impact the time to etch?
And the answer is yes. The ‑‑ simply the greater the depth of epoxy, the more
time it takes.
How do you know?
Well, so you'll almost never be able to do this and get it right first time around.
So expect to go through a few chips until you actually work out, okay, it's going to
take X amount of time.
And well done.
Yeah, so expect to go through a few chips before you actually work out, okay, actually,
in that case it's going to take me 1.30 to actually get to where I want to be.
Okay.
Major.
Cool.
Thank you.
Demo gods are with me, hopefully, so far.
Okay.
So if you remember the original image, we had columns of data.
And basically what you have to do is look at those columns and try and figure out exactly
what you're trying to create.
So my idea was I'm going to create a grid over the image.
Okay.
And where there's an intersection, because it's all nice and neat rows and columns, where
there's an intersection, that's a point of interest.
And if there's a dot there, that's a one.
And if there isn't, it's a zero.
And if you're outside the grid, just ignore everything.
So Romper, you tell it basically the image name, the number of bits in your horizontal
line and the number of rows.
The number of lines.
So if I say Romper bitmap, I counted 16 in each column, and I'm going to do two rows
at a time.
You'll see why this is relevant in a minute.
So if I go back to the original view, so basically this is our image, and I reckon
there's 16 bits in each of these sections.
So the first thing we do is apply just a color filter.
Okay.
And I can actually filter it to try and get the dots down a bit smaller, because remember,
we're trying to identify whether it's there or not.
So now what the tool allows you to do is create this grid.
So the first thing I'm going to do is say, okay, this column here is my start column.
Hopefully you can see a little blue line has appeared.
Can you see a blue line on there?
No?
Okay.
Can you now?
Yeah.
Yeah.
So here's my final column, 16.
Because it's nice and even, it's drawn in the rest of the lines for me.
So that's two mouse clicks so far.
So now here's my first row, and here's my second row.
Remember I said there's two in each row.
So again, if I get rid of the image, we've now got a little grid, which is two sets
of intersections.
And now if I just say, okay, here's another group, and here's another group.
Here's another group.
So we're very quickly building up our grid, and I'm going to do this fully, so bear with
me a second.
Okay.
That's enough.
But you see how quick it is to do.
So we're down to, you know, a few dozen mouse clicks to create a grid that matches that
entire thing.
So if we now go back to the image, what I can do is say, okay, wherever there's an intersection,
tell me if there's a bit there or not.
So I'm going to do a read.
And it's now gone.
Yeah, I see a bit there.
These guys don't quite line up.
We know that this pattern is completely the same, you know, it's a repeating pattern.
So all of these lines should look the same.
So what I can do is click on this guy.
This is just me being slightly inaccurate when I'm clicking the mouse.
I try and center.
Basically, when I click on a mouse, on a dot.
Okay.
I try and automatically center the line horizontally and vertically.
The problem is you can't really tell with a mouse where your exact click point is.
What I ought to do is change the cursor to something more accurate.
But I'm just, I'm lazy.
And it kind of worked and it was quick and easy.
So if I now go into edit mode, I can just move that line until it lines up a bit better.
Move this guy.
Or if it's out.
Horizontally I can move it that way and that way.
But you get the idea.
So we can now mess around and try and create a grid that perfectly lines up.
I can go back to looking at the original image if I think that's a bit clearer.
It's kind of hard to see what's going on.
Okay.
So, again, I just thought, well, I'm trying to automate this process.
I'm not trying to fully automate it.
I'm trying to semi automate it.
So I'm going to do things that make it easier for my eye.
The human brain is very good at processing images and patterns.
So I'm just going to make it as easy as possible for my eye to process this stuff.
So you can do things like switching off the grid and checking what's underneath.
Switching between the original and the original.
Okay.
The mast.
And then I have this nice mode called peephole mode.
So you get rid of everything that's not an intersection.
And if we also get rid of the grid, you can now see, well, this guy is not lined up at
all.
So if I go and edit him, I can quickly line that up and you see when you're dead on.
And there's a nice round dot in the center of your thing.
And if I reread.
This is where it all goes horribly wrong.
Okay.
Because I'm not displaying the grid, put the grid back on.
We've now got a clean read of those four bits.
We also want to try and make sense of the data.
So in this particular case, we knew that an unused piece of ROM has a hex value of
C1.
So what looks like ‑‑ if I come out of peephole mode and we look back at the original
image, there are these big chunks of unused data here.
So here's obviously program and here is nothing.
And this repeating pattern, therefore, we would say that must be C1.
So what we should see here, because it's 16 bits, I'm hoping is C1, C1.
Now the quick amongst you will have noticed I ain't going to get that.
So what I can do is say, okay, take these bits and actually show me a hex value.
Okay.
We'll get rid of the mask and the image.
Reduce the font so we can read it.
And here we have the actual values that are decoding for each of our groupings.
And clearly that's wrong.
So what the hell is going on?
So if we go back to our image, turns out, see these guys here, these are lead wires
coming in.
They're going to read a column of bits.
And if you count them, one, two, three, four, five, six, seven, eight.
And if we were to scroll down and look at the bottom of the image, there's another set
of these coming up and they're interleaved with these guys.
So what we've actually got is eight bits interleaved with another eight bits.
So what we're going to have to do is come out of here.
Go back in.
So actually it's not going to work.
It's not 16.
It's eight.
And we're going to start again with eight.
And now you can actually see, okay, so those are apertures.
Basically the automatic aperture size is based on the size of the gaps between the lines.
So I can actually reduce those a bit if it's over reading.
We'll adjust this guy.
Adjust this.
Oh, you can flip bits as well, obviously.
And actually here you can see how useful peephole mode is because when you're trying to manually
check if you've got a nought or a one in the right place and you've got all these other
dots interleaved with these guys, sometimes it can be quite confusing.
So if I go into peephole mode.
All the extraneous imaging.
All the imaging that my brain doesn't need to have to deal with has been removed.
And I can just look at only the dots I'm interested in.
So that really helps.
And if we go over here and again show the hex values, let's get rid of our image so
we can read it.
Get rid of our grid.
And there we go.
There's our C1s.
Thank you.
So, yeah, that was quite a satisfying moment.
It's like, ooh, it actually works.
So we can dumb that to a file.
And I've already done that.
So I now have a hex file, which if we go and look at that.
This is only a tiny portion of the code, obviously.
But it's enough to show you that without my client having to put a hit on us.
So.
And they would.
Okay.
So here we have our C1s.
So lots of little blank areas.
So at this point it's like, okay, we've got the code.
We've extracted the code from the chip.
Now what?
We need to disassemble it.
Okay.
Well, that's easy.
It's a published device.
This particular thing is called a Mark IV.
I'll just go and download a toolkit, developer's kit and disassemble it.
Okay.
So we had a look on guess where?
eBay.
And, no, we came up nil, zilch.
So we widened the search and used the Google.
And the Google said, yeah, we can get you those.
It's a $200 product that stopped being produced about 20 years ago.
So to you, I like your face, $25,000.
No, thank you.
So we did find the manuals.
So we had the instruction set and we had, you know, how to convert it.
So we just said, we'll write our own.
So our friend Python comes in again.
So Mark IV DASM was born.
And if you point Mark IV DASM at a file, it does something like this.
Okay.
So basically, this is going to be slightly nonsensical because it's only a small chunk
of the code.
So what it will give you is a little summary of ROM addresses and labels, things that have
jumped to that address.
If nothing, if it's obviously a subroutine with an exit but nothing calls it, it's an
orphan.
But if it's a known address, like an interrupt, a bit of interrupt code, it will give it the
correct label.
The other really handy thing.
The other thing which meant we could tell when we found the beginning of the program
is there are these two guys that always have to be there.
There's a routine called auto sleep and it sits in a little tight loop, just waiting
for an interrupt.
And there's a routine called reset.
And reset is actually what C1 is doing.
C1 is a jump to the address where reset lives.
So if your code goes mental and your program starts running off into oblivion, eventually,
it will be reset.
It will hit a C1 and C1 will reset the chip.
So all the blank space in the code is a jump to reset, which I thought was a really smart
thing to do.
So instead of just being a null, a knob.
So anyway, you get a little summary of what it's found.
You get a summary of variables.
And then you get the actual disassembled code, which is wrapping horribly because my
screen is too small.
Okay.
All right.
So my disassembler gives you the instruction in the format that the original compiler would
have done it.
So you could run this through the compiler if you wanted to, if you had one.
And here's auto sleep.
It does a nop.
It does a sleep.
It sets branch and carry.
And then it just jumps back on itself.
And it sits there waiting to be interrupted.
Here's our reset.
Sets up the stack.
Sets up the return pointer.
And then jumps to zero.
Off you go.
So we knew we've correctly identified the beginning of the code.
Awesome.
How do we know we've actually read the code, all the code properly?
Well, they helpfully put a checksum at the end.
Now it's wrong in this case because this is only a partial chunk, but here's the checksum
embedded in the ROM and here's the calculated checksum that the disassembler gave us.
And if they match, then we got it right.
Everything is lovely.
One of the other things we really wanted was to be able to run the code and see what the
hell this thing is doing.
We've read the EPROM, so we know the data that's gone in, but we don't know what it's
doing with it.
So we could sit and try and manually step through this or we could write an IDA pro
plug-in or something cool like that.
Again, the development kit would have had an emulator in it.
$25,000, we're not going to buy that.
Actually, I did find a copy of the software for the dev kit.
It was in German and it was on a Russian ware site.
So we decided to give that one a miss.
So yeah, Python is your friend.
Yeah.
Yeah.
Yeah.
Yeah.
A whole chunk of this is being cut off.
I have to say I was absolutely blown away when he showed me this.
This is cool shit.
Yeah.
So we can single step the code.
We can set break points on read or write on the output port.
Over here, you can't see.
You've got all the registers, the stack.
It's got two whole variables, X and Y.
It's a really powerful chip.
We can set breaks on things like branches and so on.
And we can just go off you go and it will just run.
So if I take that break off, it's now sitting in its little loop.
And you can see the branch.
You remember that instruction that set branch and carry and then jump to zero?
That's what we're doing.
And I will probably crash it if I now generate an interrupt point here.
So it's jumped off into code that doesn't actually exist because this is only a partial
fragment of the code.
But this gives us now the ability to run whatever we want.
We can feed the data in via a pseudo EPROM which is plugged into this.
So we now completely own that chip and all the code that was in it and all the data it
was chewing on.
That's it.
Thank you.
Thank you.
Sorry.
Just before we go to questions, one of the cool things about this was the manufacturer
was so super secure in there.
They had a belief that no one was ever going to get the data off this chip.
Oh, it's mass ROM.
No one can read mass ROM.
Once it gets its fuse blown, there's a diagnostic routine that allows them, once the chip is
assembled, to verify the code.
And then they blow a fuse and it's gone.
So couldn't possibly do it.
No way to read it out.
With flash, you have the ability to read it out, but here it's mass so you don't need
that facility.
So it just checks the checksum, yes, okay, now that routine gets turned off.
The interconnect between the MCU and the EPROM, again, all inside the package.
Yeah, it's not exposed to anyone.
No one is ever going to get the code off this EPROM.
And it just shows you what you can actually achieve and how really some of their thinking
is.
So let's take some questions from you guys.
Just a tiny addition to that.
So sometimes we send chips off to people to do stuff like this for things that we couldn't
handle before we did this.
And we ask them, okay, we've got a mass ROM chip, how much would that be?
Ooh, mass ROM, that's tricky.
$10,000 per chip to give you the code.
And it will take three months.
Yeah.
And that chip, the chip we asked about, had 512 bytes of mass ROM.
This had 5K.
And actually, I think it was actually $25,000.
It was horrendously expensive.
Okay, while we've got your attention, this is unrelated, but our next project, which
we will be launching on Kickstarter, so get your camera out and take a picture of that
QR code.
That's my blog entry, which I posted about an hour before we came in to give this talk.
That describes exactly what it is.
It's a software defined, which is the trendy buzz word at the moment, but for RFID.
So this does the same thing for RFID as stuff like HackRF does for RF.
So you get access to the low level raw data.
You do whatever the hell you want with it.
And within a day of building it, we were cloning and emulating pretty much anything we could
put in front of it.
Oh, and it's cheap.
Yeah.
30 pounds maximum.
Selling on Ebay.
Anyway, questions?
Yeah, so what happens when chip manufacturers start using white on this new material to
encapsulate it or some other?
Well, so ‑‑
Okay.
Depending on the complexity of the chip, the chip manufacturers actually do put a lot of
security features in place.
So they will bury things in layers.
So it won't be on the top layer.
It will be eight layers down and put a security layer over the top, a security mesh which
is designed to destroy keys if the chip's powered and it's damaged in any way.
So there's actually, and when we first got into it, we were actually kind of quite pleasantly
surprised that the chip manufacturers actually take security seriously.
Of course, what they're trying to secure is their customer's IP.
So we tend to find that we do a lot of embedded systems reverse engineering.
Normally, a lot of the security is crap.
So they're taking the crown jewels, the super secret key.
That's a polite word for it.
Yeah.
They're super secret master keys and they're storing them in chips that aren't really designed
to secure, you know, keys and things like that.
So we looked at an RFID vendor and their kind of latest and greatest product.
And they'd stored their keys in a PIC chip and we sent it off to a slightly dodgy company.
And they said, oh, that will be $900, sir.
And they sent us back an entire dump of the code, including all their super secret keys.
And we've had chips reversed that have cost as little as 90 bucks.
So if you have a cheap PIC chip, 90 bucks will get you the code.
So they're tending to, with the higher end chips, actually put some effort into trying
to prevent this from happening, proper on-die security.
Let me start by saying that I'm deeply impressed with the range of skill sets you've brought
to this basic problem.
Not just the physical expertise for pulling apart the chips, but the software expertise.
It's an amazing combination.
Thank you.
That's for mis-spent youth.
Yeah.
For those of us ‑‑ with that said, I'm curious as to sort of the amount of time
you have poured into this project end to end.
Surely there were, you know, from the depth of safety lecture, you took your time, did
your research, and the Python codes spitting by, you know, maybe what's an afternoon for
you is a month for the rest of us.
So what's your time going to be like?
Well, we've been doing this stuff between us for, you know, 20 years.
So it's a bit here and a bit there.
Right.
I don't know if you actually sat down and tried to do it in one chunk.
I don't know.
But the whole point of stuff like this and Decappinator is we're trying to solve those
problems and then step everyone forward, you know.
We need to move into a situation where you guys can get up and running within a week,
not a year.
I mean, I guess how long did we start on assets?
So I'm going to say ‑‑
Sorry, guys.
I would have said probably this one project kind of opened ‑‑ it kept diving into
new areas.
So I would have said probably to get to the point where we had the Decappinator and we
were extracting data and ROM power was in existence maybe six months from starting from
a hard, cold start.
And it wasn't as if it was ‑‑ we were working on this full time for six months.
It was six months elapsed and it was a background project that was kind of ticking around.
So actually, you know, probably if you sat down and just focused on it, probably something
like a month to end up where we were.
That's fascinating.
Thanks for sharing.
Thank you.
Hi, guys.
Great.
This is great stuff.
I love it.
I have a question about ‑‑ it's kind of a chip implementation question.
In a lot of the microcontrollers like the PIGs and the Atmils you mentioned there's fused
bits.
You can set like burn your code, verify the code, blow the fused bits and no one else
can read it.
Would it be possible with the Decappinator and the probes to reconnect a fuse rather
than having to read all the data back out of it?
Absolutely.
Sweet.
Yeah.
So ‑‑ and in fact, a guy called Bunny Quang did ‑‑ go have a look at his blog.
It was a little demonstration.
It was fantastic.
So he hand decapped a PIG.
And he masked out ‑‑ he worked out where the fuses were and realized that the fuses
had been covered by a little metallic gold plate.
And he realized that, okay, you're covering it with a plate, but there's still a passivation
layer in between the plate and your actual kind of fuse, which is effectively a transistor.
So what he realized was, right.
If I mask out all the other UV‑sensitive parts of the chip and I put it at an angle,
I can get the UV to bounce under the shield and just cook it and discharge the little
transistor and he could read the data right out.
So there are companies around that will go a lot further and will really dig for you.
And that's your other related note.
Yeah.
We've used the decappinator to drill a hole and then his very precious micro‑probes
to selectively break wires and then probe on and actually feed our own data in instead
of what was supposed to be coming from the other guy.
And the feeding machine, so we're all about getting this into the back room economy so
you can do this yourselves.
So where would we have got the thing that sends the data into these probes?
Not eBay, no.
We got it from Spark Fund and it cost like 30 pounds and it was called the bus pirate.
Hi, this is amazing work, I have to say.
The gentleman before me actually asked the question I was going to ask, so that's easy.
But a quick comment about hydrogen fluoride.
You can ‑‑ an alternate source as well, which is fairly safe, is the stuff which you
use for etching glass and it's not in a gel form, it's in a cream form.
I don't know if that's also usable for the same thing.
Oh, almost certainly.
I hadn't come across that.
I'll certainly have a look at that.
I mean, that may well be a better source of it than the dental stuff.
And I used to work in a lab where they had the real stuff and scary is an understatement
in a lab of 30 people, only one person was allowed it.
It had its own lab which was cooled.
It was cooled to below refrigeration temperature and not only did it have a fume cupboard,
the actual lab was an additional fume cupboard as well.
It was just insane.
Is that why you got both your hands in your pockets?
I don't want to talk about that.
Thank you.
Thank you.
Hi.
You said CRC, right?
As opposed to a more sort of secure algorithm?
Oh, the checksum.
Yeah.
The checksum was actually quite interesting and it's documented and obviously the code
is available.
You can go to the Aperture Labs tools page and the Mark IV DASM is linked off there.
You can download it.
And if you like Python, you'll probably puke when you read my code.
The checksum is actually two checksums.
The left‑hand byte is a left‑hand checksum and the right‑hand byte is a right‑hand
checksum.
And they just do a slightly funny wandering algorithm that would definitely go wrong.
It's just there as an assurance to make sure that the code that was ‑‑ that runs on
the ‑‑ so they'll have a test routine that will run through and read the ROM before
they blow the fuse, calculate the checksum and make sure it matches.
So it's not going to try and recover any lost bits that will just say yay or nay.
Yeah.
And the fuse is there only to disable the test routine?
So can you generate the CRC after the fact to make sure it's still good?
Yes.
In fact, the disassembler, my disassembler will show you what was stored.
The last two bytes in the ROM are the checksum and it will also recalculate and tell you
what those came out as so you can see if they match.
Is this ‑‑ can you poke a running chip to get it to give you the checksum?
Or is it only this stored in the end ‑‑ or stored ‑‑ I mean ‑‑
Can you get it to calculate the checksum?
There is a test routine built into the chip.
In fact, the chips have ‑‑ there's two chunks of code.
When you look at the chip, there's the chip that the customer put in and there's the chip
that ‑‑ sorry, the code that the customer put in and the code that the manufacturer
put in.
And the code that the manufacturer puts in doesn't actually ‑‑ sorry, I was ‑‑ the screen resolution is wrong.
So you couldn't really see what that was.
But the code the manufacturer put in will check it for you but it then gets disabled once
they've done their test.
Possibly you could run it with a $25,000 emulation thing but we never got that.
I was wondering if you could use it as an Oracle to glitch out parts of it as it was
calculating but not if you can't ‑‑
I don't think so.
But, yeah, nice idea.
Thank you.
By the way, that screen saver, did anyone recognize what that was?
So, again, I don't know if it's on the Aperture Labs page, I don't know, but in my blog
I have a blog about writing the Python code that went and grabbed the last frame of every
episode of the Big Bang Theory so that I could have a screen saver that has those.
And the code is published and if you want to save time, so are the copyright infringing
images.
Brilliant work, gentlemen.
Thank you.
Thank you.
Thank you.
I noticed that when you ran the romper program you used the original non‑fluorinated
versions of the chip.
You didn't use the etching compound before and after.
Yeah.
For that image, for that particular process, we had already finished by the time Zach perfected
his technique.
I was already working on the original image.
And, in fact, the reason he looked at cleaning it up was because I was having difficulty
with some of the bits.
It was not actually clear whether it was a one or a zero and I couldn't determine looking
at it.
So I couldn't even correct it myself because I was just guessing if it was a one or a zero.
Yeah.
I don't know how much time we have left.
Is there a speaker in here?
We're the last talk.
So we can go as long as you guys can stand us.
We'll work with that.
The last thing between you and beer is us.
So it will work with both, Dan?
So it will work with both whether you ‑‑ Oh, yeah, yeah, yeah, absolutely.
It's just how clean can you get your image.
Okay.
I think that was the last question anyway.
So thank you.
Thank you.
